SCADA security using SSH honeypot

Industrial Control System (ICS) is a term that refers to control systems in production, transmission and distribution architecture in Smart Grid. These systems can be SCADA (Supervisory Control and Data Acquisition System) and DCS (Distributed Control Systems). ICS have moved from proprietary system to open and standard technologies interconnected with others networks such as Internet. This move to interconnecting ICS with others networks have exposed this system to different attacks and have revealed serious weaknesses. So, these systems must deployed protection measures like IDS, Firewalls, IPS and others. However, detection based on these measures is often based on prior knowledge of the attacks themselves and are not able to study the behavior and techniques used by attackers, which means that new attacks are not detectable by them. So, in order to detect new attacks, understand malicious activities targeting ICS, and analyses attackers' behaviors and techniques used by them, in this article, we use a SSH honeypot tool called Kippo in order to log brute force attacks and shell interaction performed by attackers in order to take attention away in the production server.